Data protection

at a glance

Enxèro Systems processes personal data on behalf of our customers as a Data Processor, in full alignment with DPA Act, 2019 (Kenya) and the EU GDPR

You are the controller

You determine the purpose and means of processing personal data and are responsible for compliance with applicable laws and regulations.

We are the processor

We process personal data only on your documented instructions to provide our services. We do not determine the purpose or means of processing.

SECURITY & SAFEGUARDS

Appropriate technical and organizational measures

Access control and authentication

Encryption in transit and at rest (when appropriate)

Continuous monitor and logging 

Secure infrastructure and reliable operations

OUR OBLIGATIONS

Process data only on your instructions

Keep personal data confidential and secure

Ensure our team and partners follow strict data protection obligations

Notify you promptly  in the event of a personal data breach

Assist you with data subject rights requests

Return or securely delete data when our services end

YOUR RIGHTS & CONTROLS

Provide clear instructions at any time

Request information about processing

Manage data subjects rights and requests

Request return or deletion of personal data

Revoke instructions subject to legal or contractual restrictions

Our legal basis

We act as a Data Processor under a valid contract (this DPA) and process personal data based on your lawful instructions

International transfers

When data is transferred outside your jurisdiction, we implement proper safeguards in line with GDPR requirements